Lucene search
K

9382 matches found

Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.34 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-813)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-813 advisory. Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for wri...

9.8CVSS7.2AI score0.43663EPSS
Exploits14References10
Amazon
Amazon
added 2025/01/24 12:0 a.m.4 views

Important: iperf3

Issue Overview: iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function. CVE-2024-53580 Affected Packages: iperf3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core a...

7.5CVSS7.4AI score0.00908EPSS
Exploits1
Amazon
Amazon
added 2025/01/24 12:0 a.m.5 views

Important: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.4AI score0.005EPSS
Exploits0
Amazon
Amazon
added 2025/01/24 12:0 a.m.4 views

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.4AI score0.005EPSS
Exploits0
Amazon
Amazon
added 2025/01/24 12:0 a.m.5 views

Important: redis

Issue Overview: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional...

9.8CVSS7.9AI score0.07802EPSS
Exploits2
Amazon
Amazon
added 2025/01/24 12:0 a.m.23 views

Important: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.8AI score0.005EPSS
Exploits0
Amazon
Amazon
added 2025/01/24 12:0 a.m.7 views

Important: iperf3

Issue Overview: iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function. CVE-2024-53580 Affected Packages: iperf3 Issue Correction: Run dnf update iperf3 --releasever 2023.6.20250123 to update your system. New Packages: aarch64: ...

7.5CVSS7.2AI score0.00908EPSS
Exploits1
Amazon
Amazon
added 2025/01/24 12:0 a.m.22 views

Important: iperf3

Issue Overview: iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function. CVE-2024-53580 Affected Packages: iperf3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core a...

7.5CVSS7.8AI score0.00908EPSS
Exploits1
Amazon
Amazon
added 2025/01/24 12:0 a.m.2 views

Important: postgresql

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8CVSS7.8AI score0.01565EPSS
Exploits0
Amazon
Amazon
added 2025/01/24 12:0 a.m.12 views

Important: postgresql

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8CVSS8.9AI score0.01565EPSS
Exploits0
Amazon
Amazon
added 2025/01/24 12:0 a.m.15 views

Medium: perl-Module-ScanDeps

Issue Overview: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

5.3CVSS6.4AI score0.08598EPSS
Exploits3
Amazon
Amazon
added 2025/01/24 12:0 a.m.6 views

Medium: runfinch-finch

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 golang-jwt is a Go implementation of JSON Web Tokens. Unclear...

5.3CVSS6.8AI score0.00856EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.25 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-078 (ALASKERNEL-5.10-2025-078)

The version of kernel installed on the remote host is prior to 5.10.230-223.885. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-078 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have...

7.8CVSS7.2AI score0.00809EPSS
Exploits2References82
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.56 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-061 (ALASKERNEL-5.15-2025-061)

The version of kernel installed on the remote host is prior to 5.15.176-118.170. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-061 advisory. In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on...

7.8CVSS6.7AI score0.00612EPSS
Exploits2References182
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.101 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-809)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-809 advisory. In the Linux kernel, the following vulnerability has been resolved: IORINGOPREAD did not correctly consume the provided buffer list when CVE-2023-52926 In the Linux kernel, the following...

8.4CVSS6.7AI score0.00612EPSS
Exploits1References224
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.36 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-079 (ALASKERNEL-5.10-2025-079)

The version of kernel installed on the remote host is prior to 5.10.233-223.887. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-079 advisory. In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on...

7.8CVSS6.7AI score0.00612EPSS
Exploits2References178
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.24 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-091)

The version of kernel installed on the remote host is prior to 5.4.288-202.389. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-091 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning...

7.8CVSS6.7AI score0.00612EPSS
Exploits1References112
Amazon
Amazon
added 2025/01/24 12:0 a.m.3 views

Low: ansible-core

Issue Overview: No CVE associated with this advisory Affected Packages: ansible-core Issue Correction: Run dnf update ansible-core --releasever 2023.6.20250123 or dnf update --advisory ALAS2023-2025-820 --releasever 2023.6.20250123 to update your system. More information on how to update your...

5.5CVSS6.8AI score0.00502EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.20 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-816)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-816 advisory. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS7AI score0.00856EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.21 views

Amazon Linux 2 : iperf3 (ALAS-2025-2736)

The version of iperf3 installed on the remote host is prior to 3.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2736 advisory. iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function. CVE-2024-53580 Tenable ha...

7.5CVSS7.3AI score0.00908EPSS
Exploits1References4
Rows per page
Query Builder